MCI set to offer secure two-way messaging with strong encryption

Ian Grigg iang at systemics.com
Wed Oct 27 11:01:08 EDT 2004 

http://www.gcn.com/vol1_no1/daily-updates/27748-1.html

MCI set to offer secure two-way messaging with strong encryption
10/27/04
By William Jackson,
GCN Staff

MCI Inc. will offer secure two-way messaging through its SkyTel
Communications subsidiary next month, encrypting wireless text
with the Advanced Encryption Algorithm.

“It was initially designed to meet the security needs of our
government customers,” SkyTel marketing director Michael Barnes
said.

The company plans to get the device for its Secure 2Way service
certified for Federal Information Processing Standard 140-2,
which applies to cryptological devices used by the government.

The company also is promoting the service as compliant with the
Health Insurance Portability and Accountability Act and expects
the health care and financial service industries to be early users.

Text messaging and paging has emerged as a reliable—sometimes
the only—means of communication during emergencies that disrupt
other media, such as wired and cellular telephone systems and
the Internet.

The Secure 2Way service uses the handheld ST900 2Way messaging
device from Sun Telecom Inc. of Norcross, Ga. Messages are
encrypted between the device and an encryption server at SkyTel’s
secure network operations center.

Two levels of service are offered. Device-level security provides
device-to-device encryption when both users have the ST900. When
messages are received from nonsecure devices, traffic is encrypted
only between the operations center server and the ST900. With
end-to-end security, all traffic is blocked except that from
other secure ST900 devices so there is no unencrypted link on
any message.

The service uses 128-bit encryption keys with AES and the ANSI
X9.63 key management standard for symmetrical keys. The National
Security Agency has approved AES with 128-bit keys for use up to
secret classification. The key on each device is automatically
changed every 30 days or after 5,000 messages. The initial key
generation and exchange takes about eight minutes. Subsequent
key changes take two or three minutes.

Each device also is password protected with an eight-character
alphanumeric password.

“It was tough to build the AES encryption into the device,”
Barnes said. “It is not done through add-on hardware.”

After buying the ST900, there’s no extra charge for the device-
level service. End-to-end service incurs an additional fee.

© 1996-2004 Post-Newsweek Media, Inc. All Rights Reserved.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list